
997. [func] Add support for RSA-SHA1 keys.

This commit is contained in:
Brian Wellington
2001-09-15 00:01:58 +00:00
parent 967ecc6264
commit 36e37042c6
11 changed files with 59 additions and 25 deletions


@@ -1,3 +1,5 @@
997. [func] Add support for RSA-SHA1 keys.
996. [func] Issue warning if the configuration filename contains 996. [func] Issue warning if the configuration filename contains
the chroot path. the chroot path.


@@ -17,7 +17,7 @@
* PERFORMANCE OF THIS SOFTWARE. * PERFORMANCE OF THIS SOFTWARE.
*/ */
/* $Id: dnssec-keygen.c,v 1.49 2001/09/05 23:15:35 bwelling Exp $ */ /* $Id: dnssec-keygen.c,v 1.50 2001/09/15 00:01:44 bwelling Exp $ */
#include <config.h> #include <config.h>
@@ -49,6 +49,8 @@
const char *program = "dnssec-keygen"; const char *program = "dnssec-keygen";
int verbose; int verbose;
static const char *algs = "RSA | RSAMD5 | DH | DSA | RSASHA1 | HMAC-MD5";
static isc_boolean_t static isc_boolean_t
dsa_size_ok(int size) { dsa_size_ok(int size) {
return (ISC_TF(size >= 512 && size <= 1024 && size % 64 == 0)); return (ISC_TF(size >= 512 && size <= 1024 && size % 64 == 0));
@@ -60,8 +62,7 @@ usage(void) {
fprintf(stderr, " %s -a alg -b bits -n type [options] name\n\n", fprintf(stderr, " %s -a alg -b bits -n type [options] name\n\n",
program); program);
fprintf(stderr, "Required options:\n"); fprintf(stderr, "Required options:\n");
fprintf(stderr, " -a algorithm: RSA | RSAMD5 | DH | DSA | HMAC-MD5" fprintf(stderr, " -a algorithm: %s\n", algs);
"\n");
fprintf(stderr, " -b key size, in bits:\n"); fprintf(stderr, " -b key size, in bits:\n");
fprintf(stderr, " RSA:\t\t[512..%d]\n", MAX_RSA); fprintf(stderr, " RSA:\t\t[512..%d]\n", MAX_RSA);
fprintf(stderr, " DH:\t\t[128..4096]\n"); fprintf(stderr, " DH:\t\t[128..4096]\n");
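Review bot: The `-b` help still lists a key-size range only under `RSA:` after the `-a` line was switched to the `algs` string that now includes RSASHA1, so a user reading `RSA:\t\t[512..%d]` has to guess that the same bounds apply to RSASHA1. I'd change that line to `fprintf(stderr, " RSA/RSASHA1:\t[512..%d]\n", MAX_RSA);` so the size help matches the algorithm list above it. Whether the size validation itself accepts RSASHA1 with the RSA bounds cannot be seen here; usage() continues past the last line of the hunk.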


@@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/ */
/* $Id: rdata.c,v 1.147 2001/08/08 22:54:41 gson Exp $ */ /* $Id: rdata.c,v 1.148 2001/09/15 00:01:46 bwelling Exp $ */
#include <config.h> #include <config.h>
#include <ctype.h> #include <ctype.h>
@@ -269,13 +269,14 @@ static const char decdigits[] = "0123456789";
{ 254, "OID", 0}, \ { 254, "OID", 0}, \
{ 0, NULL, 0} { 0, NULL, 0}
/* RFC2535 section 7 */ /* RFC2535 section 7, RFC3110 */
#define SECALGNAMES \ #define SECALGNAMES \
{ 1, "RSAMD5", 0 }, \ { 1, "RSAMD5", 0 }, \
{ 2, "DH", 0 }, \ { 2, "DH", 0 }, \
{ 3, "DSA", 0 }, \ { 3, "DSA", 0 }, \
{ 4, "ECC", 0 }, \ { 4, "ECC", 0 }, \
{ 5, "RSASHA1", 0 }, \
{ 252, "INDIRECT", 0 }, \ { 252, "INDIRECT", 0 }, \
{ 253, "PRIVATEDNS", 0 }, \ { 253, "PRIVATEDNS", 0 }, \
{ 254, "PRIVATEOID", 0 }, \ { 254, "PRIVATEOID", 0 }, \


@@ -19,7 +19,7 @@
/* /*
* Principal Author: Brian Wellington * Principal Author: Brian Wellington
* $Id: dst_api.c,v 1.88 2001/07/10 21:27:59 bwelling Exp $ * $Id: dst_api.c,v 1.89 2001/09/15 00:01:48 bwelling Exp $
*/ */
#include <config.h> #include <config.h>
@@ -138,6 +138,7 @@ dst_lib_init(isc_mem_t *mctx, isc_entropy_t *ectx, unsigned int eflags) {
#ifdef OPENSSL #ifdef OPENSSL
RETERR(dst__openssl_init()); RETERR(dst__openssl_init());
RETERR(dst__opensslrsa_init(&dst_t_func[DST_ALG_RSAMD5])); RETERR(dst__opensslrsa_init(&dst_t_func[DST_ALG_RSAMD5]));
RETERR(dst__opensslrsa_init(&dst_t_func[DST_ALG_RSASHA1]));
RETERR(dst__openssldsa_init(&dst_t_func[DST_ALG_DSA])); RETERR(dst__openssldsa_init(&dst_t_func[DST_ALG_DSA]));
RETERR(dst__openssldh_init(&dst_t_func[DST_ALG_DH])); RETERR(dst__openssldh_init(&dst_t_func[DST_ALG_DH]));
#endif #endif
@@ -697,6 +698,7 @@ dst_key_sigsize(const dst_key_t *key, unsigned int *n) {
switch (key->key_alg) { switch (key->key_alg) {
case DST_ALG_RSAMD5: case DST_ALG_RSAMD5:
case DST_ALG_RSASHA1:
*n = (key->key_size + 7) / 8; *n = (key->key_size + 7) / 8;
break; break;
case DST_ALG_DSA: case DST_ALG_DSA:
@@ -726,6 +728,7 @@ dst_key_secretsize(const dst_key_t *key, unsigned int *n) {
*n = (key->key_size + 7) / 8; *n = (key->key_size + 7) / 8;
break; break;
case DST_ALG_RSAMD5: case DST_ALG_RSAMD5:
case DST_ALG_RSASHA1:
case DST_ALG_DSA: case DST_ALG_DSA:
case DST_ALG_HMACMD5: case DST_ALG_HMACMD5:
default: default:


@@ -19,7 +19,7 @@
/* /*
* Principal Author: Brian Wellington * Principal Author: Brian Wellington
* $Id: dst_parse.c,v 1.31 2001/05/31 00:38:07 bwelling Exp $ * $Id: dst_parse.c,v 1.32 2001/09/15 00:01:49 bwelling Exp $
*/ */
#include <config.h> #include <config.h>
@@ -39,9 +39,10 @@
#define PRIVATE_KEY_STR "Private-key-format:" #define PRIVATE_KEY_STR "Private-key-format:"
#define ALGORITHM_STR "Algorithm:" #define ALGORITHM_STR "Algorithm:"
#define RSA_STR "RSA" #define RSAMD5_STR "RSAMD5"
#define DH_STR "DH" #define DH_STR "DH"
#define DSA_STR "DSA" #define DSA_STR "DSA"
#define RSASHA1_STR "RSASHA1"
#define HMACMD5_STR "HMAC_MD5" #define HMACMD5_STR "HMAC_MD5"
struct parse_map { struct parse_map {
@@ -157,6 +158,7 @@ static int
check_data(const dst_private_t *priv, const unsigned int alg) { check_data(const dst_private_t *priv, const unsigned int alg) {
switch (alg) { switch (alg) {
case DST_ALG_RSAMD5: case DST_ALG_RSAMD5:
case DST_ALG_RSASHA1:
return (check_rsa(priv)); return (check_rsa(priv));
case DST_ALG_DH: case DST_ALG_DH:
return (check_dh(priv)); return (check_dh(priv));
@@ -185,8 +187,9 @@ dst__privstruct_free(dst_private_t *priv, isc_mem_t *mctx) {
} }
int int
dst__privstruct_parsefile(dst_key_t *key, const char *filename, dst__privstruct_parsefile(dst_key_t *key, unsigned int alg,
isc_mem_t *mctx, dst_private_t *priv) const char *filename, isc_mem_t *mctx,
dst_private_t *priv)
{ {
int n = 0, major, minor; int n = 0, major, minor;
isc_buffer_t b; isc_buffer_t b;
@@ -305,9 +308,11 @@ dst__privstruct_parsefile(dst_key_t *key, const char *filename,
} }
memset(&priv->elements[n], 0, sizeof(dst_private_element_t)); memset(&priv->elements[n], 0, sizeof(dst_private_element_t));
tag = find_value(token.value.as_pointer, dst_key_alg(key)); tag = find_value(token.value.as_pointer, alg);
if (tag < 0 || TAG_ALG(tag) != dst_key_alg(key)) if (tag < 0 || TAG_ALG(tag) != alg) {
ret = DST_R_INVALIDPRIVATEKEY;
goto fail; goto fail;
}
priv->elements[n].tag = tag; priv->elements[n].tag = tag;
data = (unsigned char *) isc_mem_get(mctx, MAXFIELDSIZE); data = (unsigned char *) isc_mem_get(mctx, MAXFIELDSIZE);
@@ -327,7 +332,7 @@ dst__privstruct_parsefile(dst_key_t *key, const char *filename,
done: done:
priv->nelements = n; priv->nelements = n;
if (check_data(priv, dst_key_alg(key)) < 0) if (check_data(priv, alg) < 0)
goto fail; goto fail;
isc_lex_close(lex); isc_lex_close(lex);
@@ -388,6 +393,7 @@ dst__privstruct_writefile(const dst_key_t *key, const dst_private_t *priv,
case DST_ALG_RSAMD5: fprintf(fp, "(RSA)\n"); break; case DST_ALG_RSAMD5: fprintf(fp, "(RSA)\n"); break;
case DST_ALG_DH: fprintf(fp, "(DH)\n"); break; case DST_ALG_DH: fprintf(fp, "(DH)\n"); break;
case DST_ALG_DSA: fprintf(fp, "(DSA)\n"); break; case DST_ALG_DSA: fprintf(fp, "(DSA)\n"); break;
case DST_ALG_RSASHA1: fprintf(fp, "(RSASHA1)\n"); break;
case DST_ALG_HMACMD5: fprintf(fp, "(HMAC_MD5)\n"); break; case DST_ALG_HMACMD5: fprintf(fp, "(HMAC_MD5)\n"); break;
default : fprintf(fp, "(?)\n"); break; default : fprintf(fp, "(?)\n"); break;
} }
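Review bot: At `if (check_data(priv, alg) < 0) goto fail;` the function jumps to the failure path without assigning `ret`, unlike the tag-mismatch branch added just above it, which now sets `ret = DST_R_INVALIDPRIVATEKEY` before its goto. If `ret` still holds ISC_R_SUCCESS from the last successful lexer call at that point — the `fail:` label and the earlier assignments to `ret` are outside this hunk, so this is inferred — a private key file whose element set fails check_data() would be reported as loaded successfully. I'd make the branch explicit: `if (check_data(priv, alg) < 0) { ret = DST_R_INVALIDPRIVATEKEY; goto fail; }`. Separately, RSA_STR was renamed to RSAMD5_STR with the value "RSAMD5", yet writefile still emits `(RSA)` for DST_ALG_RSAMD5 while the new RSASHA1 case emits `(RSASHA1)`; worth confirming the reader never compares that parenthesised label against RSAMD5_STR. dst__privstruct_parsefile begins and ends outside the hunk.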


@@ -17,7 +17,7 @@
* PERFORMANCE OF THIS SOFTWARE. * PERFORMANCE OF THIS SOFTWARE.
*/ */
/* $Id: dst_parse.h,v 1.19 2001/05/10 19:07:13 bwelling Exp $ */ /* $Id: dst_parse.h,v 1.20 2001/09/15 00:01:50 bwelling Exp $ */
#ifndef DST_DST_PARSE_H #ifndef DST_DST_PARSE_H
#define DST_DST_PARSE_H 1 #define DST_DST_PARSE_H 1
@@ -84,8 +84,9 @@ void
dst__privstruct_free(dst_private_t *priv, isc_mem_t *mctx); dst__privstruct_free(dst_private_t *priv, isc_mem_t *mctx);
int int
dst__privstruct_parsefile(dst_key_t *key, const char *filename, dst__privstruct_parsefile(dst_key_t *key, unsigned int alg,
isc_mem_t *mctx, dst_private_t *priv); const char *filename, isc_mem_t *mctx,
dst_private_t *priv);
int int
dst__privstruct_writefile(const dst_key_t *key, const dst_private_t *priv, dst__privstruct_writefile(const dst_key_t *key, const dst_private_t *priv,
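Review bot: The new `alg` parameter of dst__privstruct_parsefile is undocumented, and its relationship to `key` is not obvious from the prototype: every caller in this commit passes a fixed algorithm constant, and the RSA caller passes DST_ALG_RSA for both RSAMD5 and RSASHA1 keys, so `alg` appears to select the private-key tag namespace the file is validated against rather than repeating `key`'s algorithm. I'd add a comment above the prototype: `/* alg selects the tag namespace the file's elements are checked against (find_value/TAG_ALG); it may differ from dst_key_alg(key), e.g. DST_ALG_RSA for RSASHA1 keys. */`.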


@@ -19,7 +19,7 @@
/* /*
* Principal Author: Brian Wellington * Principal Author: Brian Wellington
* $Id: hmac_link.c,v 1.53 2001/05/31 18:34:50 tale Exp $ * $Id: hmac_link.c,v 1.54 2001/09/15 00:01:52 bwelling Exp $
*/ */
#include <config.h> #include <config.h>
@@ -248,7 +248,8 @@ hmacmd5_fromfile(dst_key_t *key, const char *filename) {
isc_mem_t *mctx = key->mctx; isc_mem_t *mctx = key->mctx;
/* read private key file */ /* read private key file */
ret = dst__privstruct_parsefile(key, filename, mctx, &priv); ret = dst__privstruct_parsefile(key, DST_ALG_HMACMD5, filename, mctx,
&priv);
if (ret != ISC_R_SUCCESS) if (ret != ISC_R_SUCCESS)
return (ret); return (ret);


@@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/ */
/* $Id: dst.h,v 1.42 2001/05/31 18:34:51 tale Exp $ */ /* $Id: dst.h,v 1.43 2001/09/15 00:01:58 bwelling Exp $ */
#ifndef DST_DST_H #ifndef DST_DST_H
#define DST_DST_H 1 #define DST_DST_H 1
@@ -45,6 +45,8 @@ typedef struct dst_context dst_context_t;
#define DST_ALG_RSA DST_ALG_RSAMD5 /* backwards compatibility */ #define DST_ALG_RSA DST_ALG_RSAMD5 /* backwards compatibility */
#define DST_ALG_DH 2 #define DST_ALG_DH 2
#define DST_ALG_DSA 3 #define DST_ALG_DSA 3
#define DST_ALG_ECC 4
#define DST_ALG_RSASHA1 5
#define DST_ALG_HMACMD5 157 #define DST_ALG_HMACMD5 157
#define DST_ALG_GSSAPI 160 #define DST_ALG_GSSAPI 160
#define DST_ALG_PRIVATE 254 #define DST_ALG_PRIVATE 254
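Review bot: `DST_ALG_ECC 4` is added next to `DST_ALG_RSASHA1 5`, but as far as the dst_api.c hunk shows nothing registers an implementation for it (dst_lib_init only wires RSASHA1 onto dst__opensslrsa_init), so the constant names a wire-format algorithm number the library cannot sign or verify with. A comment would keep a later reader from treating it as supported: `#define DST_ALG_ECC 4 /* algorithm number only; no implementation */`.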


@@ -19,7 +19,7 @@
/* /*
* Principal Author: Brian Wellington * Principal Author: Brian Wellington
* $Id: openssldh_link.c,v 1.38 2001/07/10 04:01:16 bwelling Exp $ * $Id: openssldh_link.c,v 1.39 2001/09/15 00:01:53 bwelling Exp $
*/ */
#ifdef OPENSSL #ifdef OPENSSL
@@ -424,7 +424,8 @@ openssldh_fromfile(dst_key_t *key, const char *filename) {
mctx = key->mctx; mctx = key->mctx;
/* read private key file */ /* read private key file */
ret = dst__privstruct_parsefile(key, filename, mctx, &priv); ret = dst__privstruct_parsefile(key, DST_ALG_DH, filename, mctx,
&priv);
if (ret != ISC_R_SUCCESS) if (ret != ISC_R_SUCCESS)
return (ret); return (ret);


@@ -17,7 +17,7 @@
* PERFORMANCE OF THIS SOFTWARE. * PERFORMANCE OF THIS SOFTWARE.
*/ */
/* $Id: openssldsa_link.c,v 1.4 2001/07/10 04:01:17 bwelling Exp $ */ /* $Id: openssldsa_link.c,v 1.5 2001/09/15 00:01:54 bwelling Exp $ */
#ifdef OPENSSL #ifdef OPENSSL
@@ -364,7 +364,8 @@ openssldsa_fromfile(dst_key_t *key, const char *filename) {
#define DST_RET(a) {ret = a; goto err;} #define DST_RET(a) {ret = a; goto err;}
/* read private key file */ /* read private key file */
ret = dst__privstruct_parsefile(key, filename, mctx, &priv); ret = dst__privstruct_parsefile(key, DST_ALG_DSA, filename, mctx,
&priv);
if (ret != ISC_R_SUCCESS) if (ret != ISC_R_SUCCESS)
return (ret); return (ret);


@@ -17,7 +17,7 @@
/* /*
* Principal Author: Brian Wellington * Principal Author: Brian Wellington
* $Id: opensslrsa_link.c,v 1.12 2001/07/10 04:01:19 bwelling Exp $ * $Id: opensslrsa_link.c,v 1.13 2001/09/15 00:01:56 bwelling Exp $
*/ */
#ifdef OPENSSL #ifdef OPENSSL
@@ -44,6 +44,8 @@ static isc_result_t opensslrsa_todns(const dst_key_t *key, isc_buffer_t *data);
static isc_result_t static isc_result_t
opensslrsa_createctx(dst_key_t *key, dst_context_t *dctx) { opensslrsa_createctx(dst_key_t *key, dst_context_t *dctx) {
UNUSED(key); UNUSED(key);
REQUIRE(dctx->key->key_alg == DST_ALG_RSAMD5 ||
dctx->key->key_alg == DST_ALG_RSASHA1);
if (dctx->key->key_alg == DST_ALG_RSAMD5) { if (dctx->key->key_alg == DST_ALG_RSAMD5) {
isc_md5_t *md5ctx; isc_md5_t *md5ctx;
@@ -64,6 +66,9 @@ opensslrsa_createctx(dst_key_t *key, dst_context_t *dctx) {
static void static void
opensslrsa_destroyctx(dst_context_t *dctx) { opensslrsa_destroyctx(dst_context_t *dctx) {
REQUIRE(dctx->key->key_alg == DST_ALG_RSAMD5 ||
dctx->key->key_alg == DST_ALG_RSASHA1);
if (dctx->key->key_alg == DST_ALG_RSAMD5) { if (dctx->key->key_alg == DST_ALG_RSAMD5) {
isc_md5_t *md5ctx = dctx->opaque; isc_md5_t *md5ctx = dctx->opaque;
@@ -84,6 +89,9 @@ opensslrsa_destroyctx(dst_context_t *dctx) {
static isc_result_t static isc_result_t
opensslrsa_adddata(dst_context_t *dctx, const isc_region_t *data) { opensslrsa_adddata(dst_context_t *dctx, const isc_region_t *data) {
REQUIRE(dctx->key->key_alg == DST_ALG_RSAMD5 ||
dctx->key->key_alg == DST_ALG_RSASHA1);
if (dctx->key->key_alg == DST_ALG_RSAMD5) { if (dctx->key->key_alg == DST_ALG_RSAMD5) {
isc_md5_t *md5ctx = dctx->opaque; isc_md5_t *md5ctx = dctx->opaque;
isc_md5_update(md5ctx, data->base, data->length); isc_md5_update(md5ctx, data->base, data->length);
@@ -106,6 +114,9 @@ opensslrsa_sign(dst_context_t *dctx, isc_buffer_t *sig) {
int type; int type;
unsigned int digestlen; unsigned int digestlen;
REQUIRE(dctx->key->key_alg == DST_ALG_RSAMD5 ||
dctx->key->key_alg == DST_ALG_RSASHA1);
isc_buffer_availableregion(sig, &r); isc_buffer_availableregion(sig, &r);
if (r.length < (unsigned int) RSA_size(rsa)) if (r.length < (unsigned int) RSA_size(rsa))
@@ -144,6 +155,9 @@ opensslrsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
int type; int type;
unsigned int digestlen; unsigned int digestlen;
REQUIRE(dctx->key->key_alg == DST_ALG_RSAMD5 ||
dctx->key->key_alg == DST_ALG_RSASHA1);
if (dctx->key->key_alg == DST_ALG_RSAMD5) { if (dctx->key->key_alg == DST_ALG_RSAMD5) {
isc_md5_t *md5ctx = dctx->opaque; isc_md5_t *md5ctx = dctx->opaque;
isc_md5_final(md5ctx, digest); isc_md5_final(md5ctx, digest);
@@ -418,7 +432,8 @@ opensslrsa_fromfile(dst_key_t *key, const char *filename) {
#define DST_RET(a) {ret = a; goto err;} #define DST_RET(a) {ret = a; goto err;}
/* read private key file */ /* read private key file */
ret = dst__privstruct_parsefile(key, filename, mctx, &priv); ret = dst__privstruct_parsefile(key, DST_ALG_RSA, filename, mctx,
&priv);
if (ret != ISC_R_SUCCESS) if (ret != ISC_R_SUCCESS)
return (ret); return (ret);
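Review bot: opensslrsa_sign and opensslrsa_verify now admit DST_ALG_RSASHA1 through the widened REQUIRE, but the `digest` buffer they finalise into and the `digestlen`/`type` chosen for the SHA-1 branch are declared outside the hunk; if `digest` is still declared with MD5's output length, the SHA-1 branch writes 20 bytes into a 16-byte stack buffer, so confirm it is sized for the larger digest. Separately, opensslrsa_fromfile passes the fixed `DST_ALG_RSA` (which dst.h maps to DST_ALG_RSAMD5) rather than `key->key_alg` to dst__privstruct_parsefile; that is presumably deliberate because both algorithms share the RSA tag set, but it also means the parser no longer checks the file's algorithm against the key's, and a one-line comment on the call, `/* RSAMD5 and RSASHA1 private keys share the RSA tag namespace */`, would stop someone from "fixing" it back. Both functions begin outside the hunk.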